package com.rogchen.security.securitycustomuser.configuration;

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * @author Rogchen rogchen128@gmail.com
 * @description:
 * @product: IntelliJ IDEA
 * @created Date: 19-11-6 14:24
 **/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
@Slf4j
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


    /**
     * 注入自定义的 AuthenticationProvider
     */
    @Autowired
    private AuthenticationProvider authenticationProvider;
    /**
     * 注入自定义的 AuthenticationSuccessHandler
     */
    @Autowired
    private AuthenticationSuccessHandler securityAuthenticationSuccessHandler;
    /**
     * 注入自定义的 AuthenticationFailureHandler
     */
    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .formLogin().loginPage("/login").loginProcessingUrl("/login")
//               设置默认成功回调地址。
                .successHandler(securityAuthenticationSuccessHandler).defaultSuccessUrl("/index")
                .failureHandler(authenticationFailureHandler)
                .permitAll()  // 登录页面链接、登录表单链接、登录失败页面链接配置
                .and()
                .authorizeRequests()
                .antMatchers("/assets/**").permitAll() // 静态资源配置
                .antMatchers("/index", "/login-error").permitAll() // 免校验链接配置
                .anyRequest()
                .access("@rsbPermissionImpl.hasPermission(request, authentication)")
//                .authenticated()
//                .anyRequest().hasRole("ADMIN0")   //强制需要ADMIN0的角色权限
                .and()
//                防止出现点登出后在点登录出现error，地址为login?logout
                .logout().logoutSuccessUrl("/login").logoutUrl("/logout").permitAll()
                .and()
                .csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/static/**", "/assets/**", "/favicon.ico", "/index");
    }

}
